diff --git a/Makefile b/Makefile
index c0c24b6..239dcd7 100644
--- a/Makefile
+++ b/Makefile
@@ -163,11 +163,12 @@ restore: ## Восстановить данные из резервной коп
 ssl-generate: ## Генерация SSL сертификатов для Kafka и PostgreSQL
 	@echo "🔐 Генерация SSL сертификатов для Kafka..."
 	@mkdir -p ./kafka-ssl
-	@docker run --rm -v $$PWD:/workspace -w /workspace \
+	@docker build -t sensus-kafka-ssl ./kafka-ssl/
+	@docker run --rm -v $$PWD:/workspace \
 		-e KAFKA_SSL_KEYSTORE_PASSWORD=$${KAFKA_SSL_KEYSTORE_PASSWORD:-kafka123} \
 		-e KAFKA_SSL_TRUSTSTORE_PASSWORD=$${KAFKA_SSL_TRUSTSTORE_PASSWORD:-kafka123} \
 		-e KAFKA_SSL_KEY_PASSWORD=$${KAFKA_SSL_KEY_PASSWORD:-kafka123} \
-		openjdk:11-jre-slim bash -c "apt-get update && apt-get install -y openssl && chmod +x /workspace/kafka-ssl/generate-ssl.sh && /workspace/kafka-ssl/generate-ssl.sh"
+		sensus-kafka-ssl
 	@echo "✅ SSL сертификаты Kafka созданы в ./kafka-ssl/"
 	@echo "🔐 Генерация SSL сертификатов для PostgreSQL..."
 	@mkdir -p ./postgres-ssl
diff --git a/ca-cert b/ca-cert
new file mode 100644
index 0000000..c67a426
--- /dev/null
+++ b/ca-cert
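Review bot: The new `docker run` still bind-mounts the whole checkout over `/workspace`, which is both where the Dockerfile in this commit copies `generate-ssl.sh` and where the updated script now drops `ca-key` and the `*.jks` files, so the CA private key lands in the repository root — apparently how those files came to be checked in here. Because the mount shadows the image's `/workspace`, the container also executes whatever `generate-ssl.sh` the host has rather than the copy baked into the image. I would mount only the output directory, `-v $$PWD/kafka-ssl:/workspace`, keep the script outside `/workspace` in the image, and replace the `:-kafka123` fallbacks with `$${KAFKA_SSL_KEYSTORE_PASSWORD:?KAFKA_SSL_KEYSTORE_PASSWORD must be set}` (and likewise for the other two) so a keystore is never produced under a published default password. As written, the success message `созданы в ./kafka-ssl/` no longer matches where the files actually go.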
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDrzCCApegAwIBAgIUSjePknvzx9A0iWmw4kymBR8xqVkwDQYJKoZIhvcNAQEL
+BQAwZzELMAkGA1UEBhMCUlUxDzANBgNVBAgMBk1vc2NvdzEPMA0GA1UEBwwGTW9z
+Y293MQ8wDQYDVQQKDAZTZW5zdXMxCzAJBgNVBAsMAklUMRgwFgYDVQQDDA9jYS5z
+ZW5zdXMubG9jYWwwHhcNMjUwOTEwMTU0MTE3WhcNMjYwOTEwMTU0MTE3WjBnMQsw
+CQYDVQQGEwJSVTEPMA0GA1UECAwGTW9zY293MQ8wDQYDVQQHDAZNb3Njb3cxDzAN
+BgNVBAoMBlNlbnN1czELMAkGA1UECwwCSVQxGDAWBgNVBAMMD2NhLnNlbnN1cy5s
+b2NhbDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKzwlx/OqUcg1DdL
+dCwuopkWPVHx1eZTaEWb5WM9Z1WkOJYkhlNeqzIqeH/EdvS0KvFJpsP4KJGj7HF0
+PG93aiNN7MMd64sIwf67cy1s1BTsm5WdRlf9NYf4NBZcjykQq9y5Y7SvrGBLqgfY
+mTciMRLT6w3BGW8IiU5Cijwv2FBzhhSQSXJilRP1urW+TmctEfFoOLveFaDKz2nP
+2jGgQMf2MTLslW3GY0TdtDlmkLaJ9gcy1Z+DVgpID8Y0sgIMpBIUN7s6HT3Uh/qT
+qS5BczJW06zm7mwS99yCN+h8SFKbyGffx5omCK4kBtyezcev28nsfFlDUyyxzQ6N
+PdbHIIUCAwEAAaNTMFEwHQYDVR0OBBYEFP2VgVDe9fNtpcUKQuv+p01msdYkMB8G
+A1UdIwQYMBaAFP2VgVDe9fNtpcUKQuv+p01msdYkMA8GA1UdEwEB/wQFMAMBAf8w
+DQYJKoZIhvcNAQELBQADggEBAE8Ue2K7OIuzWZ9PSdRvK5ubMLWK2P+YKo+85pvn
+k0/0EjaQDBbVR9OytzR8Viwl3ME9hgP4QEhWLHcNgQqtQ+VWRZtLjteJ0MYYzfwO
+Ue1NNB0Pa2lA6xLIekMbLVCo+wEQ64VCKwI0gjcJdSkx38lQ9DTbU6OepAa+w9Bo
+wM1TfTM/yMrXkGWbbjTMGCuQjxZJS2ScOcZIyWwLfv2GDLEG1I4Z+YwVVv5orf5X
+4RcXyuFK3AJuF4/eM3wLvizEfmcTKtEFaghWin8dhWg1RIV+u8QsuHEasuhB1JCc
+puvKzb9czXEmJso+aDyy1SOwCrbb7ZOX97OxTzGfXdcbwVY=
+-----END CERTIFICATE-----
diff --git a/ca-key b/ca-key
new file mode 100644
index 0000000..8ca360b
--- /dev/null
+++ b/ca-key
@@ -0,0 +1,30 @@
+-----BEGIN ENCRYPTED PRIVATE KEY-----
+MIIFHDBOBgkqhkiG9w0BBQ0wQTApBgkqhkiG9w0BBQwwHAQIAiw9VEuLcnICAggA
+MAwGCCqGSIb3DQIJBQAwFAYIKoZIhvcNAwcECJt1Fkh/2mpHBIIEyFJwP3wCJOvu
+05kplp9aFOXlFKdTjHhUbpWkqlG/9N85565eSZtHrp8AonScVxEbUZVHM3lERM/w
+R6UZ8IiLLmuwcPLDosOrZUQDFJhVTswcA2asRCAoFaQC4XEFxkMl8Sj85a+5Hr2L
+v9nejAHzrmryRwVh32KRa/Vcrv1aIn21rFFoKzYefCEDAdL+WcTZ+wpdbP9GV1NF
+SZGYToIOWFTiSxIw+bgxyy62QaXiAjJw+M4O0sDbKcTwAnrBOQ1S/HoW78BB/IeC
+fJDQRIm1CDPLhE5iWF9rnxVz3E4X8fGtzPJBHmQfMb27QKPoexS9ND1YxrsAVnAK
+Judmc9CP4qoBERfnxXx41iofo1NQkYRVIkCuTB7yRuFJCkJPsMUqKcv9/N7rLCom
+P1qyN8dJ4NL2TV7K987zUspHilAbiD4NWdsd+Ti5L2zTTOCjnbGWHwgxZ3klFPFr
+wauOa2W7OaYJa40NSk2j3ynY7eBauEDJ4F8y+R7bLJJjSux8RcpCzFfAGfsATQxq
+EOjbpB5TiRYrTQlvnaxoZow/+qOfImfQ3jvasY/rPEkZx6rBiJ9jzLa+TBHhnEgv
+hulD691x/dJNgfIbd155ACSAWHoJg8igWNNYW9wGKh5CbvxjOK5EJO/nOyVOkPzf
+PdbtG3xw+lXqW0aZAGILWGB9Sntph6S2V5iYaWUIjiLuvJHWW7PZQxmYGpEgG3Ve
+1amtQgRgM72erq3wp+C2cZmx337G0vR5r2P+OqL3apcjmvQTEzjIWmceCEnFSdk0
+llhNLayVzzbr81qjPhOhIFd14eoi1g2Yqsu1Wq4Rl7UxG9GfROtTGzp5eom9VxwX
+BMZuGWDxp/7KvmG/C3V3gKgYtWYalfCMAfgLnEKtnLWu03TDSwv7VcxNK6PAHL2c
+X3DKwNPjNuf+FFKciZeQTmJV91kEHK7N2k6Co9eioYUuvRJsBcF04O99jXvBBOJw
+pv9SyiLPAN9VFHw9gsLgpvJJhENb1QCU71KSSEOkqAkUxXKkbilzqxqpHrpfvrSL
+pCemSG3mRloFLi1AjkyUTFnR1dS7iMCeXto2hSvNVRSpqki6q2Jp37LUnmq3GRTp
+9ciOC8BHhrLz/v5u2AgDlPEICeItdRBlTIAZ0ViiJK9Mm9NWoSExtlN+K3KHgVMd
+SVfjCOhZoIQxG1RRrpXazBCDKeoiA6SXHrE+qiyjrIq9RB7e4Dj5UePEAFixYMII
+HWs7O24M+zlXPLbdhh0ipgDBwAHmVZD0ie/qthWJc0iaEO65U4RI75wzWSL32bTM
+h/jUAfwoNIgblL0Mi1Qnj9P9lCLprN3a++PyR1vTun/F1+Ok1rxEOkXGaHYsYvqN
+M3NYxH8pM8F6aBh17l5PUlPcErdhWYHNtOUIWtbfJw8XFQbYUo5W7a+khWuxW4DO
+uo2lwxEAUUBpSMAdIcaGa3o2cvj2pQ3tobQxA5n9Ak7kK53+yUMtGkWL3EoBDtl4
+M/auLQYAt+g7U9nCfClXh8P3wyfTuBNjel49nfbjbBG2EZTmPh5/ZS5ODIOGFbp6
+S0Y0IdN6Ocj+42DW9stpjPH3EHA/pQHT07cS6OmLh0EYEZJsdDzkVJ9SPplODujt
+OHkZKuOPw37gLXaPvNO15w==
+-----END ENCRYPTED PRIVATE KEY-----
diff --git a/docker-compose.yml b/docker-compose.yml
index aa3486b..1e1235a 100644
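Review bot: This commits the CA's private key to the repository root, next to `ca-cert` and the four `*.jks` keystores added in the same change, so every clone now carries the key that can mint certificates trusted by both the server and client truststores (the truststores import `ca-cert`, per the context line of the `generate-ssl.sh` hunk). The key is PKCS#8-encrypted, but its passphrase is presumably whatever `KAFKA_SSL_KEY_PASSWORD` was at generation time, which both the Makefile and the Dockerfile default to `kafka123`, so the encryption is not a meaningful barrier. Treat this CA as compromised: regenerate it, purge these files from history rather than just `git rm` them in a follow-up, and add `ca-key`, `ca-cert`, `*.jks` and `postgres-ssl/` to `.gitignore` before re-running `make ssl-generate`. The certificate's validity window appears to run 2025-09-10 to 2026-09-10, so whatever replaces it also needs a rotation plan within the year.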
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -2,8 +2,6 @@
 # Назначение: Инфраструктура для SensusAgent и SensusWorker
 # Включает: Kafka, KafkaUI, PostgreSQL, ClickHouse (2 реплики)
-version: "3.9"
-
 services:
   # Zookeeper для Kafka
   zookeeper:
@@ -34,9 +32,9 @@ services:
     environment:
       KAFKA_BROKER_ID: 1
       KAFKA_ZOOKEEPER_CONNECT: zookeeper:2181
-      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT,SSL:SSL
-      KAFKA_LISTENERS: PLAINTEXT://0.0.0.0:29092,PLAINTEXT_HOST://0.0.0.0:9092,SSL://0.0.0.0:9093
-      KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://kafka:29092,PLAINTEXT_HOST://10.29.91.4:9092,SSL://10.29.91.4:9093
+      KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT
+      KAFKA_LISTENERS: PLAINTEXT://0.0.0.0:29092,PLAINTEXT_HOST://0.0.0.0:9092
+      KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://kafka:29092,PLAINTEXT_HOST://10.29.91.4:9092
       KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT
       KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
       KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 1
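Review bot: Dropping the `SSL` listener leaves the broker reachable only over PLAINTEXT, and `PLAINTEXT_HOST` is advertised on the routable address `10.29.91.4:9092`, so every external client now talks to Kafka unencrypted and without any transport-level identity check. Nothing in the diff explains why the listener went away; if it was removed because the keystore mount moved, the fix is to re-point the keystore location at the new path rather than remove transport security. At minimum keep `SSL:SSL` in the protocol map and `SSL://0.0.0.0:9093` in `KAFKA_LISTENERS` so the `9093` publish that survives two hunks below still has a listener behind it, and consider binding `PLAINTEXT_HOST` to a non-routable interface instead of `0.0.0.0`.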
@@ -47,19 +45,8 @@ services:
       KAFKA_LOG_RETENTION_HOURS: ${KAFKA_LOG_RETENTION_HOURS:-168}
       KAFKA_LOG_SEGMENT_BYTES: ${KAFKA_LOG_SEGMENT_BYTES:-1073741824}
       KAFKA_LOG_RETENTION_CHECK_INTERVAL_MS: ${KAFKA_LOG_RETENTION_CHECK_INTERVAL_MS:-300000}
-      # SSL настройки
-      KAFKA_SSL_KEYSTORE_LOCATION: /var/ssl/private/kafka.server.keystore.jks
-      KAFKA_SSL_KEYSTORE_FILENAME: kafka.server.keystore.jks
-      KAFKA_SSL_KEYSTORE_PASSWORD: ${KAFKA_SSL_KEYSTORE_PASSWORD:-kafka123}
-      KAFKA_SSL_KEY_PASSWORD: ${KAFKA_SSL_KEY_PASSWORD:-kafka123}
-      KAFKA_SSL_TRUSTSTORE_LOCATION: /var/ssl/private/kafka.server.truststore.jks
-      KAFKA_SSL_TRUSTSTORE_FILENAME: kafka.server.truststore.jks
-      KAFKA_SSL_TRUSTSTORE_PASSWORD: ${KAFKA_SSL_TRUSTSTORE_PASSWORD:-kafka123}
-      KAFKA_SSL_CLIENT_AUTH: ${KAFKA_SSL_CLIENT_AUTH:-none}
-      KAFKA_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM: ${KAFKA_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM:-https}
     volumes:
       - kafka-data:/var/lib/kafka/data
-      - ./kafka-ssl:/var/ssl/private:ro
     ports:
       - "${KAFKA_EXTERNAL_PORT:-9092}:9092"
       - "${KAFKA_SSL_PORT:-9093}:9093"
@@ -84,7 +71,7 @@ services:
       KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS: ${KAFKA_CLUSTERS_0_BOOTSTRAPSERVERS:-kafka:29092}
       KAFKA_CLUSTERS_0_ZOOKEEPER: ${KAFKA_CLUSTERS_0_ZOOKEEPER:-zookeeper:2181}
       KAFKA_CLUSTERS_0_PROPERTIES_SECURITY_PROTOCOL: ${KAFKA_CLUSTERS_0_PROPERTIES_SECURITY_PROTOCOL:-PLAINTEXT}
-      KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_LOCATION: ${KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_LOCATION:-/var/ssl/private/kafka.server.truststore.jks}
+      KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_LOCATION: ${KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_LOCATION:-/etc/kafka/secrets/kafka.server.truststore.jks}
       KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_PASSWORD: ${KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_PASSWORD:-kafka123}
       DYNAMIC_CONFIG_ENABLED: ${DYNAMIC_CONFIG_ENABLED:-true}
       # Авторизация Kafka UI
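Review bot: The `"${KAFKA_SSL_PORT:-9093}:9093"` publish survives while the SSL listener, every `KAFKA_SSL_*` setting and the `./kafka-ssl` mount are removed, so the host now exposes a port nothing inside the container binds. Either delete that `ports:` entry or keep the SSL listener; a dangling published port tends to get "fixed" later by someone adding a PLAINTEXT listener on 9093. If the intent is to bring TLS back once certificates are generated into the new location, reinstate the removed block with `KAFKA_SSL_KEYSTORE_LOCATION: /etc/kafka/secrets/kafka.server.keystore.jks` (and the matching truststore path) and re-add the `./kafka-ssl:/etc/kafka/secrets:ro` mount here, mirroring what this commit already does for Kafka UI.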
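Review bot: `KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_LOCATION` is re-pointed at `/etc/kafka/secrets/…`, but with the broker's SSL listener removed in this same commit and `SECURITY_PROTOCOL` defaulting to `PLAINTEXT`, the setting is dead configuration, while the `…_TRUSTSTORE_PASSWORD` line beneath it still ships a `kafka123` default in a checked-in file. Drop the fallback (`${KAFKA_CLUSTERS_0_PROPERTIES_SSL_TRUSTSTORE_PASSWORD:?}`) so a misconfigured deployment fails loudly, and add a comment such as `# Only used when KAFKA_CLUSTERS_0_PROPERTIES_SECURITY_PROTOCOL=SSL; the broker currently has no SSL listener` above the two SSL properties so the next reader does not assume the UI is verifying anything.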
@@ -93,7 +80,7 @@ services:
       SPRING_SECURITY_USER_PASSWORD: ${KAFKA_UI_PASSWORD:-admin}
       SPRING_SECURITY_USER_ROLES: ${KAFKA_UI_USER_ROLES:-ADMIN}
     volumes:
-      - ./kafka-ssl:/var/ssl/private:ro
+      - ./kafka-ssl:/etc/kafka/secrets:ro
     ports:
       - "${KAFKA_UI_PORT:-8080}:8080"
     networks:
diff --git a/kafka-ssl/Dockerfile b/kafka-ssl/Dockerfile
new file mode 100644
index 0000000..c171f0a
--- /dev/null
+++ b/kafka-ssl/Dockerfile
@@ -0,0 +1,28 @@
+# Автор: Сергей Антропов, сайт: https://devops.org.ru
+# Назначение: Docker-контейнер для генерации SSL сертификатов Kafka
+
+FROM openjdk:17-jdk-slim
+
+# Установка необходимых пакетов
+RUN apt-get update && apt-get install -y \
+    openssl \
+    && rm -rf /var/lib/apt/lists/*
+
+# Создание рабочей директории
+WORKDIR /workspace
+
+# Копирование скрипта генерации
+COPY generate-ssl.sh /workspace/kafka-ssl/generate-ssl.sh
+RUN chmod +x /workspace/kafka-ssl/generate-ssl.sh
+
+# Создание директории для сертификатов
+RUN mkdir -p /workspace/kafka-ssl
+
+# Установка переменных окружения
+ENV KAFKA_SSL_KEYSTORE_PASSWORD=kafka123
+ENV KAFKA_SSL_TRUSTSTORE_PASSWORD=kafka123
+ENV KAFKA_SSL_KEY_PASSWORD=kafka123
+ENV CERT_VALIDITY_DAYS=365
+
+# Команда по умолчанию
+CMD ["/workspace/kafka-ssl/generate-ssl.sh"]
diff --git a/kafka-ssl/generate-ssl.sh b/kafka-ssl/generate-ssl.sh
index d537ff2..4878c4f 100755
--- a/kafka-ssl/generate-ssl.sh
+++ b/kafka-ssl/generate-ssl.sh
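Review bot: The `./kafka-ssl:/etc/kafka/secrets:ro` mount will be empty after this commit, because the updated `generate-ssl.sh` copies the keystores and truststores to `/workspace/` — the repository root under the Makefile's `-v $$PWD:/workspace` — rather than into `./kafka-ssl/`. Kafka UI's truststore path therefore resolves to nothing unless someone moves the files by hand, which is also how the `*.jks` files came to sit at the repo root in this diff. Align the two by mounting the output directory as `/workspace` in the Makefile, or by having the script write under `/workspace/kafka-ssl/` again; the broker service (whose mount was removed in the hunk above) should then get the same `./kafka-ssl:/etc/kafka/secrets:ro` line.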
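Review bot: The three `ENV KAFKA_SSL_*_PASSWORD=kafka123` lines bake default keystore and key passwords into the image, so any run that omits `-e` silently produces keystores protected by a published value, and those values are visible to anyone who can `docker inspect` or pull the image; the script should fail when they are unset rather than the image supplying them. Separately, `COPY` and `RUN chmod +x` place the script under `/workspace`, the path the Makefile bind-mounts the host checkout over, so at runtime the container executes the host's copy and the `chmod` and `mkdir -p /workspace/kafka-ssl` layers are shadowed — keep the script outside the mount point. The `openjdk` Docker Official Image is, as far as I know, deprecated upstream, so a maintained JDK base (for example an Eclipse Temurin 17 image) would be a safer pin for a tool that handles key material.

```dockerfile
FROM openjdk:17-jdk-slim
# … unchanged: apt-get install openssl …
# Keep the generator outside /workspace: the Makefile bind-mounts the host
# checkout there, which would shadow anything the image placed under it.
COPY generate-ssl.sh /usr/local/bin/generate-ssl.sh
RUN chmod 0755 /usr/local/bin/generate-ssl.sh
WORKDIR /workspace
# No password defaults: the script must fail fast when KAFKA_SSL_*_PASSWORD
# are unset, otherwise keystores end up protected by a published value.
ENV CERT_VALIDITY_DAYS=365
CMD ["/usr/local/bin/generate-ssl.sh"]
```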
@@ -72,16 +72,20 @@ keytool -keystore kafka.client.truststore.jks -alias CARoot -import -file ca-cer
 # 14. Копирование файлов в целевую директорию
 echo "📁 Копирование сертификатов..."
-cp kafka.server.keystore.jks /workspace/kafka-ssl/
-cp kafka.server.truststore.jks /workspace/kafka-ssl/
-cp kafka.client.keystore.jks /workspace/kafka-ssl/
-cp kafka.client.truststore.jks /workspace/kafka-ssl/
-cp ca-cert /workspace/kafka-ssl/
-cp ca-key /workspace/kafka-ssl/
+cp kafka.server.keystore.jks /workspace/
+cp kafka.server.truststore.jks /workspace/
+cp kafka.client.keystore.jks /workspace/
+cp kafka.client.truststore.jks /workspace/
+cp ca-cert /workspace/
+cp ca-key /workspace/
 # 15. Установка правильных прав доступа
-chmod 600 /workspace/kafka-ssl/*.jks
-chmod 600 /workspace/kafka-ssl/ca-*
+chmod 600 /workspace/*.jks
+chmod 600 /workspace/ca-*
+
+# 16. Проверка созданных файлов
+echo "🔍 Проверка созданных файлов..."
+ls -la /workspace/
 echo "✅ SSL сертификаты успешно созданы!"
 echo "📋 Созданные файлы:"
diff --git a/kafka.client.keystore.jks b/kafka.client.keystore.jks
new file mode 100644
index 0000000..ed4b4e3
Binary files /dev/null and b/kafka.client.keystore.jks differ
diff --git a/kafka.client.truststore.jks b/kafka.client.truststore.jks
new file mode 100644
index 0000000..cd4e067
Binary files /dev/null and b/kafka.client.truststore.jks differ
diff --git a/kafka.server.keystore.jks b/kafka.server.keystore.jks
new file mode 100644
index 0000000..f2b3fca
Binary files /dev/null and b/kafka.server.keystore.jks differ
diff --git a/kafka.server.truststore.jks b/kafka.server.truststore.jks
new file mode 100644
index 0000000..7798adc
Binary files /dev/null and b/kafka.server.truststore.jks differ
diff --git a/postgres-ssl/ca.srl b/postgres-ssl/ca.srl
new file mode 100644
index 0000000..d434f6f
--- /dev/null
+++ b/postgres-ssl/ca.srl
@@ -0,0 +1 @@
+43086F753CECE73B2BD20B70FEB9968991CC7FBF
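Review bot: The copies now target `/workspace/` itself, which under the Makefile's `-v $$PWD:/workspace` is the repository root, so `ca-key` and every keystore are written straight into the checkout — presumably how they came to be committed in this change — and `ls -la /workspace/` will list the whole repository rather than the generated set. The CA private key should not be copied out next to the server material at all; the broker and UI mounts only reference the `*.jks` files, and `chmod 600` on files created by a root container likely leaves them root-owned on the host anyway. Write to a dedicated, git-ignored output directory and keep the CA key apart from what gets mounted, e.g. `OUT_DIR="${OUT_DIR:-/workspace/kafka-ssl}"`, `mkdir -p "$OUT_DIR/ca"`, then `cp kafka.*.jks ca-cert "$OUT_DIR"/` and `cp ca-key "$OUT_DIR/ca/"`, with the `chmod` and `ls` lines pointed at `"$OUT_DIR"`.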